hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰

Sybil Attacker Report #606

Closed Annu2047 closed 2 years ago

Annu2047 commented 2 years ago

Related Addresses

19 addresses


Reasoning

  1. All addresses received funds from 0x986a2fca9eda0e06fbf7839b89bfc006ee2a23dd2 with 0.9 Matic (first transaction) on 2021-11-22 on the Polygon network.

Tx details:


  2. All addresses did the same attack on other projects, so they have a similar number of transactions (90-110). Attack example: farmed 0x: Exchange Proxy: https://polygonscan.com/tx/0xc32b8c526e276832e6f540d8182275cf865aa88aa0f16899ee0ad3c82f290df1

  3. All addresses farmed https://polygonscan.com/token/0x19ad2b1f012349645c3173ea63f98948a2b43d27 from 2022-01-11 1:40 to 2022-01-11 2:20 (within 50 minutes)

Tx details:


Methodology

I search all eligible addresses which received funding from the same EOA, then track all these addresses' txs on different chains, including ERC-20, ERC-721, ERC-1155.

Rewards Address

0x6a1AF72bBcfD0BA492E502F83334d3910Fa025dB
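The funding-source heuristic from the report above, as an added example that is not part of the original issue or the Hop project's tooling: it groups wallets by the EOA that first funded them, separates wallets whose first funding does not match the group's common amount and date so they can be reviewed by hand, and checks whether a group's activity on one token fits a time window. All wallet and funder names, the sample rows, and the `min_size` and `window` parameters are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample: (recipient, funder, amount_matic, timestamp) of each
# wallet's FIRST inbound transfer. Placeholder names, not real addresses.
FIRST_FUNDING = [
    ("wallet_a", "funder_1", "0.9", "2021-11-22T10:00:00"),
    ("wallet_b", "funder_1", "0.9", "2021-11-22T10:02:00"),
    ("wallet_c", "funder_1", "0.9", "2021-11-22T10:05:00"),
    ("wallet_d", "funder_1", "1.4", "2021-11-22T10:07:00"),  # amount differs
    ("wallet_e", "funder_2", "25", "2021-10-03T08:00:00"),   # unrelated funder
]
# Constructed sample: (wallet, timestamp) of interactions with one token.
TOKEN_ACTIVITY = [
    ("wallet_a", "2022-01-11T01:41:00"), ("wallet_b", "2022-01-11T01:55:00"),
    ("wallet_c", "2022-01-11T02:18:00"), ("wallet_d", "2022-01-14T09:00:00"),
]

def cluster_by_funder(rows, min_size=3):
    """Group wallets by first funder; split each group into wallets matching
    the group's most common (amount, date) and wallets needing manual review."""
    groups = defaultdict(list)
    for wallet, funder, amount, ts in rows:
        key = (Decimal(amount), datetime.fromisoformat(ts).date())
        groups[funder].append((wallet, key))
    report = {}
    for funder, members in groups.items():
        if len(members) < min_size:
            continue  # a funder with few recipients is weak evidence
        keys = [k for _, k in members]
        modal = max(set(keys), key=keys.count)
        report[funder] = {
            "consistent": sorted(w for w, k in members if k == modal),
            "review": sorted(w for w, k in members if k != modal),
        }
    return report

def within_window(activity, wallets, window=timedelta(minutes=50)):
    """True if every listed wallet has activity and all of it fits in `window`."""
    times = [datetime.fromisoformat(ts) for w, ts in activity if w in wallets]
    seen = {w for w, _ in activity if w in wallets}
    return bool(times) and seen == set(wallets) and max(times) - min(times) <= window

if __name__ == "__main__":
    result = cluster_by_funder(FIRST_FUNDING)
    print(result)
    print(within_window(TOKEN_ACTIVITY, result["funder_1"]["consistent"]))
```

A wallet in the `review` bucket is not cleared, it only lacks this one signal; the other behavioural evidence still has to be weighed separately.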

shanefontaine commented 2 years ago

@Annu2047

All addresses received funds from 0x986a2fca9eda0e06fbf7839b89bfc006ee2a23dd2 with 0.9 Matic (first transaction) on 2021-11-22 on the Polygon network.

This does not appear to be true. In the transactions you linked, 0xf29d2cfdee82f96d83aa11021f18685583e8f9fb and 0x877389e462972ce1917d6c2ade93f5aa03057578 received different values. Can you try to add some information about these two in particular?

Annu2047 commented 2 years ago

@shanefontaine Thanks for your reminder. These two addresses have a little difference in Matic count and I missed that. I think the difference may be for some reason; the root cause is that he did exactly the same behavior to attack some protocols.

For example: https://polygonscan.com/txs?a=0x877389e462972ce1917d6c2ade93f5aa03057578&p=3 https://polygonscan.com/txs?a=0xf29d2cfdee82f96d83aa11021f18685583e8f9fb&p=2

The above two addresses have no difference from the other addresses in this group except Matic money. For example: https://polygonscan.com/txs?a=0xc1109dd59595ce464a955096c357e036b1489f2b&p=3

Could you review again?

Annu2047 commented 2 years ago

@shanefontaine All of the addresses also have similar operations on HOP:

ADDRESS total eth arbitrum optimism polygon gnosis
0xf29d2cfdee82f96d83aa11021f18685583e8f9fb 11 0 0 0 5 6
0xfe42490664a59a8aa1513777ff9a9c708f5d4485 11 0 0 0 3 8
0x7c33221486c64faa5dc588e0c6959ebdf66864a1 11 0 0 0 4 7
0x69661e4dadeae57058e6afcc74af95ab531deb29 11 0 0 0 3 8
0xb77c6f4c53843b5e7bc28cee8993fabf534b9185 11 0 0 0 3 8
0x6d31314ec242a2aa30a12835f7a71ce89d16b639 11 0 0 0 4 7
0x508eb78e4d6c11290ab87dc10819b1ac2ba1425e 11 0 0 0 3 8
0x1c51969083dd69a0ef9270a3f980a53243aee9f2 12 0 0 0 6 6
0x35a63ba5cff5c032f7816ab7526cec65cd73248f 12 0 0 0 5 7
0x8d5da67ad57e1e6dd052c9430b83947a496bbffc 12 0 0 0 2 10
0x6bb1c09b085aa78925cecb32c075eee06e21ab8b 12 0 0 0 3 9
0xc1109dd59595ce464a955096c357e036b1489f2b 13 0 0 0 3 10
0x1f94981529b3e44d5a6adf8a601fd86025fa8796 13 0 0 0 4 9
0x877389e462972ce1917d6c2ade93f5aa03057578 14 0 0 0 4 10
0x10b3e7874fb1fa1da2b0c91216dd1867d8740ffc 14 0 0 0 5 9
0xee93693bd71406deafb603744da08cacb462a329 14 0 1 0 4 9
0xf9a1336eb71dff99898046a24670221e7ca45f01 14 0 0 0 6 8
0xf01064acd3515478959c7baf05fbe9a1dcde25f3 16 0 0 0 6 10
0x484cc7e0e7843365998cab7ae24401e9edd694a7 16 0 0 0 7 9

Annu2047 commented 2 years ago

@shanefontaine If you still think those two addresses do not have enough evidence, pls remove them from the address list. Thank you very much.

shanefontaine commented 2 years ago

Thank you for your report @Annu2047. We have verified that the addresses in this report are Sybil attackers.

The report included 17 eligible addresses as Sybil attackers which means you are eligible for 6119.937956052152192438 HOP! When Hop DAO is live, we will make a proposal for this reward — subject to a 1 year lockup, as mentioned in the original Mirror post.

Please note that 0xf29d2cfdee82f96d83aa11021f18685583e8f9fb and 0x877389e462972ce1917d6c2ade93f5aa03057578 were excluded from the qualified addresses due to the differences listed above.

The qualified addresses are as follows:
